CVE-2019-10353 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.176.2 || >=2.177 <2.186

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0046 (percentile: 0.63223)

Details

Cross-Site Request Forgery in Jenkins

CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection.

Metadata

Created: 2022-05-24T16:50:30Z
Modified: 2022-06-28T22:58:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hcxf-rq72-h4rr/GHSA-hcxf-rq72-h4rr.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-hcxf-rq72-h4rr
Finding: F007
Auto approve: 1